US11575685B2ActiveUtilityPatentIndex 72
User behavior profile including temporal detail corresponding to user interaction
Est. expiryMay 15, 2037(~10.9 yrs left)· nominal 20-yr term from priority
H04L 9/3236H04L 2209/56H04L 9/50H04L 63/1433H04L 67/306H04L 63/14
72
PatentIndex Score
2
Cited by
219
References
20
Claims
Abstract
A system, method, and computer-usable medium are disclosed for generating a cyber behavior profile comprising monitoring user interactions between a user and an information handling system; converting the user interactions into electronic information representing the user interactions, the electronic information representing the user interactions comprising temporal detail corresponding to the user interaction; and generating a user behavior profile based upon the electronic information representing the user interactions, the generating the user profile including a layer of detail corresponding to the temporal detail corresponding to the user interaction.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A computer-implementable method for generating a cyber behavior profile, comprising:
monitoring electronically-observable user behavior;
converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior, the electronic information representing the user behavior comprising temporal detail corresponding to the user interaction, the temporal detail corresponding to a plurality of temporal user behavior factors associated with the user interaction, at least one temporal user behavior factor being implemented as an ontological time user behavior factor, the ontological time user behavior factor referring to how one instant in time relates to another instant in time in a chronological sense, at least one temporal user behavior factor being implemented as a societal time user behavior factor, the societal time user behavior factor referring to how a user interaction at a particular instant in time correlates to another user interaction at another particular instant in time;
generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior, the generating the user behavior profile including information relating to the temporal detail corresponding to the user interaction, the user behavior profile comprising a date/time/frequency user behavior element, the date/time/frequency user behavior element comprising information regarding at least one of the ontological time user behavior factor and the societal time user behavior factor; and,
using the user behavior profile with the date/time/frequency user behavior element to perform a detection operation via a user behavior monitoring system.
2. The method of claim 1 , further comprising:
notifying a security administrator of a result of the detection operation.
3. The method of claim 1 , wherein:
the detection operation determines whether a particular user behavior is at least one of acceptable, unacceptable, anomalous and malicious.
4. The method of claim 1 , wherein:
the plurality of temporal user behavior factors comprise a date/time/frequency user behavior factor.
5. The method of claim 1 , wherein:
a temporal user behavior factor of the plurality of user behavior factors comprises information regarding access of a particular file.
6. The method of claim 1 , wherein:
the user behavior monitoring system decays a risk associated with a user according to an amount of ontological time that has lapsed since a last observed policy violation.
7. A system comprising:
a processor;
a data bus coupled to the processor; and
a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for:
monitoring electronically-observable user behavior;
converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior, the electronic information representing the user behavior comprising temporal detail corresponding to the user interaction, the temporal detail corresponding to a plurality of temporal user behavior factors associated with the user interaction, at least one temporal user behavior factor being implemented as an ontological time user behavior factor, the ontological time user behavior factor referring to how one instant in time relates to another instant in time in a chronological sense, at least one temporal user behavior factor being implemented as a societal time user behavior factor, the societal time user behavior factor referring to how a user interaction at a particular instant in time correlates to another user interaction at another particular instant in time;
generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior, the generating the user behavior profile including information relating to the temporal detail corresponding to the user interaction, the user behavior profile comprising a date/time/frequency user behavior element, the date/time/frequency user behavior element comprising information regarding at least one of the ontological time user behavior factor and the societal time user behavior factor; and,
using the user behavior profile with the date/time/frequency user behavior element to perform a detection operation via a user behavior monitoring system.
8. The system of claim 7 , wherein the instructions executable by the processor are further configured for:
notifying a security administrator of a result of the detection operation.
9. The system of claim 7 , wherein:
the detection operation determines whether a particular user behavior is at least one of acceptable, unacceptable, anomalous and malicious.
10. The system of claim 7 , wherein:
the plurality of temporal user behavior factors comprise a date/time/frequency user behavior factor.
11. The system of claim 7 , wherein:
a temporal user behavior factor of the plurality of user behavior factors comprises information regarding access of a particular file.
12. The system of claim 7 , wherein:
the user behavior monitoring system decays a risk associated with a user according to an amount of ontological time that has lapsed since a last observed policy violation.
13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
monitoring electronically-observable user behavior;
converting the electronically-observable user behavior into electronic information representing the electronically-observable user behavior, the electronic information representing the user behavior comprising temporal detail corresponding to the user interaction, the temporal detail corresponding to a plurality of temporal user behavior factors associated with the user interaction, at least one temporal user behavior factor being implemented as an ontological time user behavior factor, the ontological time user behavior factor referring to how one instant in time relates to another instant in time in a chronological sense, at least one temporal user behavior factor being implemented as a societal time user behavior factor, the societal time user behavior factor referring to how a user interaction at a particular instant in time correlates to another user interaction at another particular instant in time;
generating a user behavior profile based upon the electronic information representing the electronically-observable user behavior, the generating the user behavior profile including information relating to the temporal detail corresponding to the user interaction, the user behavior profile comprising a date/time/frequency user behavior element, the date/time/frequency user behavior element comprising information regarding at least one of the ontological time user behavior factor and the societal time user behavior factor; and,
using the user behavior profile with the date/time/frequency user behavior element to perform a detection operation via a user behavior monitoring system.
14. The non-transitory, computer-readable storage medium of claim 13 , wherein the computer executable instructions are further configured for:
notifying a security administrator of a result of the detection operation.
15. The non-transitory, computer-readable storage medium of claim 13 , wherein:
the detection operation determines whether a particular user behavior is at least one of acceptable, unacceptable, anomalous and malicious.
16. The non-transitory, computer-readable storage medium of claim 13 , wherein:
the plurality of temporal user behavior factors comprise a date/time/frequency user behavior factor.
17. The non-transitory, computer-readable storage medium of claim 13 , wherein:
a temporal user behavior factor of the plurality of user behavior factors comprises information regarding access of a particular file.
18. The non-transitory, computer-readable storage medium of claim 13 , wherein:
the user behavior monitoring system decays a risk associated with a user according to an amount of ontological time that has lapsed since a last observed policy violation.
19. The non-transitory, computer-readable storage medium of claim 13 , wherein:
the computer executable instructions are deployable to a client system from a server system at a remote location.
20. The non-transitory, computer-readable storage medium of claim 13 , wherein:
the computer executable instructions are provided by a service provider to a user on an on-demand basis.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.